static int client(ssh_session session){
int auth=0;
char *banner;
int state;
if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
return -1;
ssh_options_parse_config(session, NULL);
if(ssh_connect(session)){
fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session));
return -1;
}
state=verify_knownhost(session);
if (state != 0)
return -1;
ssh_userauth_none(session, NULL);
banner=ssh_get_issue_banner(session);
if(banner){
printf("%s\n",banner);
free(banner);
}
auth=authenticate_console(session);
if(auth != SSH_AUTH_SUCCESS){
return -1;
}
forwarding(session);
return 0;
}
static int client(ssh_session_t *session)
{
int auth=0;
char *banner;
int state;
if (user)
{
if (ssh_options_set(session, SSH_OPTIONS_USER, user) < 0)
{
return -1;
}
}
if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
{
return -1;
}
if (proxycommand != NULL)
{
if(ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, proxycommand))
{
return -1;
}
}
ssh_options_parse_config(session, NULL);
if(ssh_connect(session))
{
fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session));
return -1;
}
state = verify_knownhost(session);
if (state != 0)
{
return -1;
}
ssh_userauth_none(session, NULL);
banner = ssh_get_issue_banner(session);
if(banner)
{
printf("%s\n", banner);
free(banner);
}
auth = authenticate_console(session);
if(auth != SSH_AUTH_SUCCESS)
{
return -1;
}
if(!cmds[0]) {
shell(session);
} else {
batch_shell(session);
}
return 0;
}
// TODO: remove this obsolete
static int client(ssh_session session)
{
int auth=0;
int state;
if (user)
if (ssh_options_set(session, SSH_OPTIONS_USER, user) < 0)
return -1;
if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
return -1;
if (proxycommand != NULL)
{
if(ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, proxycommand))
return -1;
}
ssh_options_parse_config(session, NULL);
if(ssh_connect(session))
{
fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session));
return -1;
}
state=verify_knownhost(session);
if (state != 0)
return -1;
ssh_userauth_none(session, NULL);
auth=authenticate_console(session);
if(auth != SSH_AUTH_SUCCESS)
{
return -1;
}
shell(session);
return 0;
}
static ssh_session connect_host(const char *host, int verbose, char *cipher){
ssh_session session=ssh_new();
if(session==NULL)
goto error;
if(ssh_options_set(session,SSH_OPTIONS_HOST, host)<0)
goto error;
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbose);
if(cipher != NULL){
if (ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, cipher) ||
ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, cipher)){
goto error;
}
}
ssh_options_parse_config(session, NULL);
if(ssh_connect(session)==SSH_ERROR)
goto error;
if(ssh_userauth_autopubkey(session,NULL) != SSH_AUTH_SUCCESS)
goto error;
return session;
error:
fprintf(stderr,"Error connecting to \"%s\": %s\n",host,ssh_get_error(session));
ssh_free(session);
return NULL;
}
static int _sftp_connect(const char *uri) {
char *scheme = NULL;
char *user = NULL;
char *passwd = NULL;
char *host = NULL;
unsigned int port = 0;
char *path = NULL;
unsigned char *hash = NULL;
int hlen;
int rc = -1;
int state = SSH_SERVER_ERROR;
int timeout = 10;
int method;
char *verbosity;
if (_connected) {
return 0;
}
rc = c_parse_uri(uri, &scheme, &user, &passwd, &host, &port, &path);
if (rc < 0) {
goto out;
}
DEBUG_SFTP(("csync_sftp - conntecting to: %s\n", host));
/* create the session */
_ssh_session = ssh_new();
if (_ssh_session == NULL) {
fprintf(stderr, "csync_sftp - error creating new connection: %s\n",
strerror(errno));
rc = -1;
goto out;
}
rc = ssh_options_set(_ssh_session, SSH_OPTIONS_TIMEOUT, &timeout);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
rc = ssh_options_set(_ssh_session, SSH_OPTIONS_COMPRESSION_C_S, "none");
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
rc = ssh_options_set(_ssh_session, SSH_OPTIONS_COMPRESSION_S_C, "none");
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
ssh_options_set(_ssh_session, SSH_OPTIONS_HOST, host);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
if (port) {
ssh_options_set(_ssh_session, SSH_OPTIONS_PORT, &port);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
DEBUG_SFTP(("csync_sftp - port set to: %d\n", port));
}
if (user && *user) {
ssh_options_set(_ssh_session, SSH_OPTIONS_USER, user);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error setting options: %s\n",
strerror(errno));
goto out;
}
DEBUG_SFTP(("csync_sftp - username set to: %s\n", user));
}
verbosity = getenv("CSYNC_SFTP_LOG_VERBOSITY");
if (verbosity) {
rc = ssh_options_set(_ssh_session, SSH_OPTIONS_LOG_VERBOSITY_STR, verbosity);
if (rc < 0) {
goto out;
}
}
/* read ~/.ssh/config */
rc = ssh_options_parse_config(_ssh_session, NULL);
if (rc < 0) {
goto out;
}
_ssh_callbacks = (ssh_callbacks) c_malloc(sizeof(struct ssh_callbacks_struct));
if (_ssh_callbacks == NULL) {
rc = -1;
goto out;
}
ZERO_STRUCTP(_ssh_callbacks);
_ssh_callbacks->userdata = _userdata;
_ssh_callbacks->auth_function = _ssh_auth_callback;
ssh_callbacks_init(_ssh_callbacks);
ssh_set_callbacks(_ssh_session, _ssh_callbacks);
rc = ssh_connect(_ssh_session);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error connecting to the server: %s\n", ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
goto out;
}
hlen = ssh_get_pubkey_hash(_ssh_session, &hash);
if (hlen < 0) {
fprintf(stderr, "csync_sftp - error connecting to the server: %s\n",
ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
goto out;
}
/* check the server public key hash */
state = ssh_is_server_known(_ssh_session);
switch (state) {
case SSH_SERVER_KNOWN_OK:
break;
case SSH_SERVER_KNOWN_CHANGED:
fprintf(stderr, "csync_sftp - The host key for this server was "
"not found, but another type of key exists.\n"
"An attacker might change the default server key to confuse your "
"client into thinking the key does not exist.\n"
"Please contact your system administrator.\n"
"%s\n", ssh_get_error(_ssh_session));
ssh_print_hexa("csync_sftp - public key hash", hash, hlen);
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
break;
case SSH_SERVER_FOUND_OTHER:
fprintf(stderr, "csync_sftp - the host key for this server was not "
"found but an other type of key exists.\n");
fprintf(stderr, "csync_sftp - an attacker might change the default "
"server key to confuse your client into thinking the key does not "
"exist\n");
fprintf(stderr, "The host key for the server %s has changed.\n"
"This could either mean that DNS SPOOFING is happening or the IP "
"address for the host and its host key have changed at the same time.\n"
"The fingerprint for the key sent by the remote host is:\n", host);
ssh_print_hexa("", hash, hlen);
fprintf(stderr, "Please contact your system administrator.\n"
"%s\n", ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
break;
case SSH_SERVER_NOT_KNOWN:
if (_authcb) {
char *hexa;
char *prompt;
char buf[4] = {0};
hexa = ssh_get_hexa(hash, hlen);
if (hexa == NULL) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
if (asprintf(&prompt,
"The authenticity of host '%s' can't be established.\n"
"RSA key fingerprint is %s.\n"
"Are you sure you want to continue connecting (yes/no)?",
host, hexa) < 0 ) {
free(hexa);
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
free(hexa);
if ((*_authcb)(prompt, buf, sizeof(buf), 1, 0, _userdata) < 0) {
free(prompt);
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
free(prompt);
if (strncasecmp(buf, "yes", 3) != 0) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
if (ssh_write_knownhost(_ssh_session) < 0) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
} else {
fprintf(stderr,"csync_sftp - the server is unknown. Connect manually to "
"the host to retrieve the public key hash, then try again.\n");
}
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
break;
case SSH_SERVER_ERROR:
fprintf(stderr, "%s\n", ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
break;
default:
break;
}
/* Try to authenticate */
rc = ssh_userauth_none(_ssh_session, NULL);
if (rc == SSH_AUTH_ERROR) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
#if 0
/* authenticate with the server */
if (passwd && *passwd) {
DEBUG_SFTP(("csync_sftp - authenticating with user/password\n"));
/*
* This is tunneled cleartext password authentication and possibly needs
* to be allowed by the ssh server. Set 'PasswordAuthentication yes'
*/
auth = ssh_userauth_password(_ssh_session, user, passwd);
} else {
DEBUG_SFTP(("csync_sftp - authenticating with pubkey\n"));
auth = ssh_userauth_autopubkey(_ssh_session, NULL);
}
if (auth == SSH_AUTH_ERROR) {
fprintf(stderr, "csync_sftp - authenticating with pubkey: %s\n",
ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
if (auth != SSH_AUTH_SUCCESS) {
if (_authcb != NULL) {
auth = auth_kbdint(_ssh_session);
if (auth == SSH_AUTH_ERROR) {
fprintf(stderr,"csync_sftp - authentication failed: %s\n",
ssh_get_error(_ssh_session));
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
} else {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
}
}
#endif
method = ssh_auth_list(_ssh_session);
while (rc != SSH_AUTH_SUCCESS) {
/* Try to authenticate with public key first */
if (method & SSH_AUTH_METHOD_PUBLICKEY) {
rc = ssh_userauth_autopubkey(_ssh_session, NULL);
if (rc == SSH_AUTH_ERROR) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
} else if (rc == SSH_AUTH_SUCCESS) {
break;
}
}
/* Try to authenticate with keyboard interactive */
if (method & SSH_AUTH_METHOD_INTERACTIVE) {
rc = auth_kbdint(_ssh_session, user, passwd);
if (rc == SSH_AUTH_ERROR) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
} else if (rc == SSH_AUTH_SUCCESS) {
break;
}
}
/* Try to authenticate with password */
if ((method & SSH_AUTH_METHOD_PASSWORD) && passwd && *passwd) {
rc = ssh_userauth_password(_ssh_session, user, passwd);
if (rc == SSH_AUTH_ERROR) {
ssh_disconnect(_ssh_session);
_ssh_session = NULL;
ssh_finalize();
rc = -1;
goto out;
} else if (rc == SSH_AUTH_SUCCESS) {
break;
}
}
}
DEBUG_SFTP(("csync_sftp - creating sftp channel...\n"));
/* start the sftp session */
_sftp_session = sftp_new(_ssh_session);
if (_sftp_session == NULL) {
fprintf(stderr, "csync_sftp - sftp error initialising channel: %s\n", ssh_get_error(_ssh_session));
rc = -1;
goto out;
}
rc = sftp_init(_sftp_session);
if (rc < 0) {
fprintf(stderr, "csync_sftp - error initialising sftp: %s\n", ssh_get_error(_ssh_session));
goto out;
}
DEBUG_SFTP(("csync_sftp - connection established...\n"));
_connected = 1;
rc = 0;
out:
SAFE_FREE(scheme);
SAFE_FREE(user);
SAFE_FREE(passwd);
SAFE_FREE(host);
SAFE_FREE(path);
SAFE_FREE(hash);
return rc;
}
int ssh_open_url(url_t* urlp)
{
ftp->session = ssh_new();
if (!ftp->session)
return -1;
/* set log level */
if (ftp_get_verbosity() == vbDebug)
{
int verbosity = SSH_LOG_PROTOCOL;
ssh_options_set(ftp->session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
}
/* If we have ssh options from yafcrc, load them */
if (gvSSHOptions) {
args_t *args = args_create();
args_init(args, 0, NULL);
args_push_back(args, gvSSHOptions);
int argc = 0;
if (ssh_options_getopt(ftp->session, &argc, args->argv) != SSH_OK) {
ftp_err(_("Failed to load SSH options from yafcrc config (ssh_options = '%s')\n"), gvSSHOptions);
ssh_free(ftp->session);
ftp->session = NULL;
return -1;
}
args->argc = argc;
args_destroy(args);
}
/* set host name */
ssh_options_set(ftp->session, SSH_OPTIONS_HOST, urlp->hostname);
/* if we have port use that one */
if (urlp->port > 0)
ssh_options_set(ftp->session, SSH_OPTIONS_PORT, &urlp->port);
/* parse .ssh/config */
int r = ssh_options_parse_config(ftp->session, NULL);
if (r != SSH_OK)
{
ftp_err(_("Failed to parse ssh config: %s\n"), ssh_get_error(ftp->session));
ssh_free(ftp->session);
ftp->session = NULL;
return r;
}
/* if we have username use that one */
if (urlp->username)
ssh_options_set(ftp->session, SSH_OPTIONS_USER, urlp->username);
/* connect to server */
r = ssh_connect(ftp->session);
if (r != SSH_OK)
{
ftp_err(_("Couldn't initialise connection to server: %s\n"), ssh_get_error(ftp->session));
ssh_free(ftp->session);
ftp->session = NULL;
return r;
}
/* verify server */
if (verify_knownhost(ftp->session))
{
ssh_disconnect(ftp->session);
ssh_free(ftp->session);
ftp->session = NULL;
return -1;
}
/* authenticate user */
r = test_several_auth_methods(ftp->session, urlp);
if (r != SSH_OK)
{
ftp_err(_("Authentication failed: %s\n"), ssh_get_error(ftp->session));
ssh_disconnect(ftp->session);
ssh_free(ftp->session);
ftp->session = NULL;
return -1;
}
ftp->ssh_version = ssh_get_version(ftp->session);
if (!ftp->ssh_version) {
ftp_err(_("Couldn't initialise connection to server\n"));
return -1;
}
ftp->sftp_session = sftp_new(ftp->session);
if (!ftp->sftp_session)
{
ftp_err(_("Couldn't initialise ftp subsystem: %s\n"), ssh_get_error(ftp->session));
ssh_disconnect(ftp->session);
ssh_free(ftp->session);
ftp->session = NULL;
return -1;
}
r = sftp_init(ftp->sftp_session);
if (r != SSH_OK)
{
ftp_err(_("Couldn't initialise ftp subsystem: %s\n"), ssh_get_error(ftp->sftp_session));
sftp_free(ftp->sftp_session);
ftp->sftp_session = NULL;
ssh_disconnect(ftp->session);
ssh_free(ftp->session);
ftp->session = NULL;
return r;
}
ftp->connected = true;
ftp->loggedin = true;
free(ftp->homedir);
ftp->homedir = ftp_getcurdir();
url_destroy(ftp->url);
ftp->url = url_clone(urlp);
free(ftp->curdir);
ftp->curdir = xstrdup(ftp->homedir);
free(ftp->prevdir);
ftp->prevdir = xstrdup(ftp->homedir);
if (ftp->url->directory)
ftp_chdir(ftp->url->directory);
ftp_get_feat();
return 0;
}
/**
* @brief Connect to the ssh server.
*
* @param[in] session The ssh session to connect.
*
* @returns SSH_OK on success, SSH_ERROR on error.
* @returns SSH_AGAIN, if the session is in nonblocking mode,
* and call must be done again.
*
* @see ssh_new()
* @see ssh_disconnect()
*/
int ssh_connect(ssh_session session) {
int ret;
if (session == NULL) {
return SSH_ERROR;
}
switch(session->pending_call_state){
case SSH_PENDING_CALL_NONE:
break;
case SSH_PENDING_CALL_CONNECT:
goto pending;
default:
ssh_set_error(session,SSH_FATAL,"Bad call during pending SSH call in ssh_connect");
return SSH_ERROR;
}
session->alive = 0;
session->client = 1;
if (session->opts.fd == SSH_INVALID_SOCKET &&
session->opts.host == NULL &&
session->opts.ProxyCommand == NULL) {
ssh_set_error(session, SSH_FATAL, "Hostname required");
return SSH_ERROR;
}
/* If the system configuration files were not yet processed, do it now */
if (!session->opts.config_processed) {
ret = ssh_options_parse_config(session, NULL);
if (ret != 0) {
ssh_set_error(session, SSH_FATAL,
"Failed to process system configuration files");
return SSH_ERROR;
}
}
ret = ssh_options_apply(session);
if (ret < 0) {
ssh_set_error(session, SSH_FATAL, "Couldn't apply options");
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_PROTOCOL,
"libssh %s, using threading %s",
ssh_copyright(),
ssh_threads_get_type());
session->ssh_connection_callback = ssh_client_connection_callback;
session->session_state=SSH_SESSION_STATE_CONNECTING;
ssh_socket_set_callbacks(session->socket,&session->socket_callbacks);
session->socket_callbacks.connected=socket_callback_connected;
session->socket_callbacks.data=callback_receive_banner;
session->socket_callbacks.exception=ssh_socket_exception_callback;
session->socket_callbacks.userdata=session;
if (session->opts.fd != SSH_INVALID_SOCKET) {
session->session_state=SSH_SESSION_STATE_SOCKET_CONNECTED;
ssh_socket_set_fd(session->socket, session->opts.fd);
ssh_socket_set_io_callbacks(session->socket, &session->socket_io_callbacks);
ret=SSH_OK;
#ifndef _WIN32
} else if (session->opts.ProxyCommand != NULL){
ret = ssh_socket_connect_proxycommand(session->socket,
session->opts.ProxyCommand);
#endif
} else {
ret=ssh_socket_connect(session->socket,
session->opts.host,
session->opts.port > 0 ? session->opts.port : 22,
session->opts.bindaddr);
}
if (ret == SSH_ERROR) {
return SSH_ERROR;
}
set_status(session, 0.2f);
session->alive = 1;
SSH_LOG(SSH_LOG_PROTOCOL,"Socket connecting, now waiting for the callbacks to work");
pending:
session->pending_call_state=SSH_PENDING_CALL_CONNECT;
if(ssh_is_blocking(session)) {
int timeout = (session->opts.timeout * 1000) +
(session->opts.timeout_usec / 1000);
if (timeout == 0) {
timeout = 10 * 1000;
}
SSH_LOG(SSH_LOG_PACKET,"Actual timeout : %d", timeout);
ret = ssh_handle_packets_termination(session, timeout, ssh_connect_termination, session);
if (session->session_state != SSH_SESSION_STATE_ERROR &&
(ret == SSH_ERROR || !ssh_connect_termination(session))) {
ssh_set_error(session, SSH_FATAL,
"Timeout connecting to %s", session->opts.host);
session->session_state = SSH_SESSION_STATE_ERROR;
}
}
else {
ret = ssh_handle_packets_termination(session,
SSH_TIMEOUT_NONBLOCKING,
ssh_connect_termination,
session);
if (ret == SSH_ERROR) {
session->session_state = SSH_SESSION_STATE_ERROR;
}
}
SSH_LOG(SSH_LOG_PACKET,"current state : %d",session->session_state);
if(!ssh_is_blocking(session) && !ssh_connect_termination(session)){
return SSH_AGAIN;
}
session->pending_call_state=SSH_PENDING_CALL_NONE;
if(session->session_state == SSH_SESSION_STATE_ERROR || session->session_state == SSH_SESSION_STATE_DISCONNECTED)
return SSH_ERROR;
return SSH_OK;
}
